check email/username syntax before sending it to db

2023-09-26 00:43:14 +02:00 · 2023-09-26 00:43:14 +02:00 · 0a7d248a3e
commit 0a7d248a3e
parent 2177dfd893
1 changed files with 14 additions and 0 deletions
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@ -157,6 +157,13 @@ class LoginController
            return new JsonContent(['success' => true]);
        }

+        if (
+            filter_var(\Container::$request->post('email'), FILTER_VALIDATE_EMAIL) === false &&
+            preg_match('/^[a-zA-Z0-9_\-\.]+$/', \Container::$request->post('email')) !== 1
+        ) {
+            return new JsonContent(['error' => ['errorText' => 'This is not a valid email address or username.']]);
+        }
+
        $user = $this->userRepository->getByEmailOrUsername(\Container::$request->post('email'));

        if ($user === null) {
@ -500,6 +507,13 @@ class LoginController
            }
        }

+        if (
+            filter_var(\Container::$request->post('email'), FILTER_VALIDATE_EMAIL) === false &&
+            preg_match('/^[a-zA-Z0-9_\-\.]+$/', \Container::$request->post('email')) !== 1
+        ) {
+            return new JsonContent(['error' => ['errorText' => 'This is not a valid email address or username.']]);
+        }
+
        $user = $this->userRepository->getByEmailOrUsername(\Container::$request->post('email'));

        if ($user === null) {